Cybersecurity in Power: Trends in Utilities

GlobalData Thematic Research 24 September 2020 (Last Updated September 24th, 2020 09:47)

Cyberattacks have the potential to damage a country’s power grid, with their major goal being to cause widespread infrastructure failures.

Cybersecurity in Power: Trends in Utilities

Concerns about cybersecurity continue to be at the top of utilities’ agendas, driven by the rising interconnected nature of infrastructure and systems.

Cybersecurity trends in utilities

Listed below are the cybersecurity trends in power utilities, as identified by GlobalData.

Cybersecurity at the top of utilities’ agendas

Cybersecurity is at the top of utilities’ agendas, and is now undoubtedly a growing concern for the power industry. This trend will continue, as many power utilities have to deal with increasing regulation, attack frequency, and the threat of state-sponsored cyber-attacks on crucial infrastructure. The need to connect a growing range of market participants to core utility systems, and the growth of private consumer data coming into utilities’ systems through smart metering and smart home initiatives also builds up additional risks and regulatory responsibilities.

Power utilities’ security threats to grow

Utilities’ existing systems are now becoming increasingly connected through sensors and networks and, due to their dispersed nature, are becoming increasingly difficult to control. This growing attack surface can potentially provide an opportunity for attackers to target the grid, as they did in Ukraine in December 2015. Hackers attacked three power distribution companies in the country and disrupted the electricity supply temporarily. This was followed by another cyber-attack in Ukraine’s capital Kiev in December 2016 that caused a power outage during December 17-18. Recently, the European Network of Transmission System Operators for Electricity (ENTSO-E) becomes the latest victim of a cyberattack.

Impact of Covid-19

The ongoing Covid-19 crisis is making power utilities more prone to cyberattacks. With most utilities now working remotely, attackers will strive to benefit from the rush to remote systems and undermanned facilities. Utilities need to comprehend the new cyber-risks involved with home-based work such as social engineering attacks and less reliable internet connections and accordingly set-up baseline defences relevant to remote working.

A role for blockchain

Utilities are becoming more decentralised, due to their rising reliance on distributed generation, storage, and flexibility services by customers and other industry participants. The rise in the growth of electric vehicles (EVs) is posing a challenge to the centralised model of utilities, and so is the growth of small localised and municipal energy systems and microgrids. Increasingly, utilities are seeing the potential of blockchain to allow coordination between these numerous players with conflicting interests, and facilitate the exchange of information and value between them via mechanisms such as smart contracts.

All of the different participants in the grid will be constantly transacting with each other, and such transactions should be automated and transparent to consumers. Blockchain, with its ability to manage smart contracts, has the potential to support this distributed trading system and handle the complex commercial arrangements between different parties on the energy market.

Increased focus on edge and local resilience

As utility infrastructures become more interconnected, smart, and decentralised, a centralised approach to secure them is difficult and will become increasingly untenable. While central monitoring and oversight is essential, it is not sufficient, since a central system cannot react quickly enough to threats, especially as control becomes fragmented across numerous systems such as microgrids.

Addressing cybersecurity challenges will support Industrial IoT uptake

Many governments are grappling with the challenge of securing their countries’ critical national infrastructure against cyberattacks. Utilities cannot risk opening up critical infrastructure assets to cyberattacks that could cause dangerous equipment failure, widespread blackouts, or a compromise of clean water supplies. While the Internet of Things (IoT) has become a key enabler in the modernisation of critical utilities’ infrastructure, it has also exposed power utilities to a host of new threats and vulnerabilities. Security therefore remains the number one obstacle to wider industrial IoT uptake.

The integration of IT elements into utilities’ operational systems has opened up industrial control systems, such as SCADA, to potential cyberattack, which is a growing concern among utilities. IoT, if it moves beyond point applications to encompass analytics and a holistic view of utilities’ infrastructure, could enhance aspects of security by helping manage infrastructure more effectively and monitor unusual patterns. At the same time, it is also a major enabler of more efficient grids, enhanced maintenance and asset management, and better customer outcomes.

This is an edited extract from the Cybersecurity in Power – Thematic Research report produced by GlobalData Thematic Research.